Phishing is an attempt by an attacker to obtain sensitive information by masquerading as a trustworthy entity in electronic communications. Typically, the attacker pretends to be a representative or agent of a service provider. More recently, phishing attacks have come to involve website forgery or some form of man-in-the-middle (MiM) attack, in which the attacker alters or clones a service provider's webpage, such as a login page, to capture the authentication credentials (e.g., a user name and password) of any client that enters them into the cloned page. The attacker may then gain access to the client's sensitive information within the service provider's system by relaying the credentials captured through the cloned page to the real service provider; because the relayed credentials are genuine, the service provider cannot distinguish the attacker's session from the client's.
In some cases, the service provider may use a secure communications session, such as Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), to provide clients with access to its services. HTTP over TLS (also referred to as “HTTPS”) relies on a public key infrastructure (PKI): the service provider presents a certificate issued by a certificate authority (CA) that the client trusts, and the client validates that certificate before sending any credentials. Ordinarily only the server is authenticated in this way; where the service provider also requires client certificates (mutual TLS), the client presents its own certificate, the service provider validates it against the CAs it trusts, and each side proves possession of the private key belonging to the certificate it presents by signing the handshake. However, in some cases, an attacker may obtain a client's certificate via the cloned website and pass the client's certificate to the service provider along with the obtained authentication credentials. In other cases, the attacker may replace the client's certificate with his own certificate and perform the various authentication/handshake procedures using his own certificate. Note that a certificate is public data: in a correctly implemented TLS handshake the client proves possession of the matching private key by signing the handshake transcript (the CertificateVerify message), so a relayed certificate is of no use to the attacker unless the private key is also compromised or the service provider accepts the certificate without that proof. Likewise, a certificate of the attacker's own is accepted only if it chains to a CA the service provider trusts, or the service provider fails to verify the chain.
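The mutual-TLS case above, as an added example written for this page (it is not code from the original text): a Go program using only the standard crypto/tls and crypto/x509 packages builds a throwaway PKI (a CA named "Example CA", a server certificate for "service.example", and a client certificate for "alice"; all three names are assumptions) and runs three handshakes against a loopback server that requires client certificates. The legitimate client holds both certificate and key; the second client relays Alice's captured certificate but can only sign with a key of its own; the third presents a certificate the attacker minted himself, naming Alice and the trusted CA as issuer. Only the first is accepted, and the server reports why the other two are refused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// leaf is a one-hour certificate template for cn; CA flags are added by the caller.
func leaf(serial int64, cn string, eku x509.ExtKeyUsage, sans ...string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		DNSNames: sans, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
}

// sign issues tmpl for pub; parent supplies the issuer name (pass tmpl itself to self-sign).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) []byte {
	return must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))
}

// pki is the toy deployment (all names assumed): one CA both sides trust, the server's certificate, and Alice's certificate plus the private key only she holds.
type pki struct {
	roots      *x509.CertPool
	serverCert tls.Certificate
	clientDER  []byte
	clientKey  *ecdsa.PrivateKey
}

func buildPKI() *pki {
	caKey, caTmpl := newKey(), leaf(1, "Example CA", x509.ExtKeyUsageAny)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid, caTmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	ca := must(x509.ParseCertificate(sign(caTmpl, caTmpl, &caKey.PublicKey, caKey)))
	srvKey, cliKey := newKey(), newKey()
	srvDER := sign(leaf(2, "service.example", x509.ExtKeyUsageServerAuth, "service.example"), ca, &srvKey.PublicKey, caKey)
	cliDER := sign(leaf(3, "alice", x509.ExtKeyUsageClientAuth), ca, &cliKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return &pki{roots, tls.Certificate{Certificate: [][]byte{srvDER}, PrivateKey: srvKey}, cliDER, cliKey}
}

func alice(p *pki) tls.Certificate { // Alice herself: the certificate plus its private key
	return tls.Certificate{Certificate: [][]byte{p.clientDER}, PrivateKey: p.clientKey}
}

// A cloned login page can capture Alice's certificate, which is public, but not her private key, so a relay must sign CertificateVerify with another key.
func relayedStolenCert(p *pki) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{p.clientDER}, PrivateKey: newKey()}
}

// The attacker's own certificate: it names Alice and the real CA as issuer but is signed with his key.
func attackerForgedCert(p *pki) tls.Certificate {
	k, issuer := newKey(), &x509.Certificate{Subject: pkix.Name{CommonName: "Example CA"}}
	der := sign(leaf(4, "alice", x509.ExtKeyUsageClientAuth), issuer, &k.PublicKey, k)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: k}
}

// handshake runs one mutual-TLS connection over loopback and returns the server's
// verdict: the authenticated client's CN, or the reason the client was refused.
func handshake(p *pki, client tls.Certificate) (string, error) {
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{p.serverCert},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: p.roots}))
	defer ln.Close()
	go func() { // client side: validate the server, offer the certificate, hold the socket until the server closes it
		conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: p.roots,
			ServerName: "service.example", Certificates: []tls.Certificate{client}})
		if err == nil {
			conn.Read(make([]byte, 1)) // returns once the server has ruled and closed the connection
			conn.Close()
		}
	}()
	c := must(ln.Accept()).(*tls.Conn)
	defer c.Close()
	// Handshake verifies the chain against ClientCAs and the CertificateVerify signature against the leaf's public key.
	if err := c.Handshake(); err != nil {
		return "", err
	}
	return c.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	p := buildPKI()
	for _, c := range []tls.Certificate{alice(p), relayedStolenCert(p), attackerForgedCert(p)} {
		fmt.Println(handshake(p, c)) // CN on success, otherwise the server's reason for refusing
	}
}
```

Run it with `go run`. The relayed certificate is rejected because the CertificateVerify signature, made with the attacker's key, does not verify under the public key inside Alice's certificate; the forged certificate is rejected because its signature does not verify under the trusted CA's key. Neither outcome depends on the password: capturing the certificate through a cloned page gives the attacker nothing unless he also obtains the private key, which is exactly the check a service provider relying on client certificates must not skip.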